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(57) The invention relates to methods for transmis- 
sion of data, more particularly for transmission of data 
Clustered structures in IP networks. According to the 
invention, the cluster units are configured to be mem- 
bers of an IP multicast group specific to the cluster. The 
switch or switches directly connected to the cluster units 
are arranged to monitor multicast group membership re- 
ports from the cluster units, and therefore obtain knowl- 
edge about which ports of the switch or switches are 
connected to cluster units. Advantageously, the switch 
or switches may also send membership queries to find 
out, which ports are connected to members of the clus- 
ter multicast group. Consequently, when the switch re- 
ceives a packet with a multicast MAC address and the 
I P address of the cluster, the switch sends the packet to 
only those ports to which cluster units are connected, 
and not to all ports of the switch as according to the prior 
art. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

[0001 ] The invention relates to methods for transmis- 
sion of data, more particularly for transmission of data 
in clustered structures in IP networks. Especially, the in- 
vention is related to such a method as specified in the 
preamble of the independent method claim. 

2. Description of Related Art 

[0002] A gateway is typically understood as a device, 
which connects a first network to a second network. A 
. server is typically understood as a device, which re- 
ceives requests from a client, performs the requested 
act and sends results back to the client. Typically, a gate- 
way is used to connect the local area network (LAN) of 
a company to the public Internet. The gateway typically 
acts as a firewall, i.e. screens incoming traffic according 
to a certain set of rules to protect the local area network 
and data stored therein. Servers provide services to in- 
dividual computers within the local area network, such 
as database services, disk services, and so on. 
[0003] Gateway clusters and server clusters are 
used, when the capacity of a single device is not suffi- 
cient. Compared to a single device, gateway or server 
clusters provide high availability and increased through- 
put. Figure 1 illustrates the structure of a gateway clus- 
ter. Figure 1 shows client computers 1 0 connected to a 
switch 20. The client computers 10. the switch 20, and 
form a local area network (LAN). The LAN is connected 
to an external network 50 through a gateway cluster 
consisting in this example of five gateways 30. The gate- 
ways 30 may for example function as firewall devices. 
The gateways 30 are connected to the external network 
50 through a switch 20 and a router 40. The client com- 
puters are in figure 1 divided into three subnetworks A, 
B. and C. 

[0004] Figure 2 illustrates a server cluster. Figure 2 
shows client computers 10 connected to a switch 20, 
which together form a local area network (LAN). The 
switch connects the local area network to the server 
cluster, which in this example comprises five server 
computers 30. Figure 2 further illustrates mass storage 
units 60 connected to the server computers 30. The cli- 
ent computers are in figure 2 divided into three subnet- 
works A. B, and C. 

[0005] In general, there are two basic methods tocon- 
struct server and gateway clusters in a TCP/IP network. 
According to the first basic method, each server or gate- 
way has a distinct IP address, and an external device 
redirects the requests or packets to different servers or 
gateways. The external device has acertain set of rules 
for controlling the redirection of data packets. For exam- 
ple, the external device can redirect data packets on the 



2 

basis of current toad on the cluster devices. In the ex-, 
ample of figures 1 and 2. the external devicecan be the 
switch 20 connecting the LAN to the cluster. The main 
drawback of this solution is asymmetric routing: be- 

s cause routing in IP networks is usually based only on 
the destination IP address, outgoing and incoming pack- 
ets can 1 be routed to different gateways. This is a prob- 
lem when the gateways also serve as firewalls, since 
firewalls typically do not accept any incoming messag- 

10 es, which are not a reply to a previous outgoing request. 
When the incoming packets are routed to a second gate- 
way which is a different gateway than the first gateway 
which sent the original outgoing request, they will be dis- 
carded' since the second gateway does has no knowt- 

w edge about the previous request. 

[0006] According to the second basic method, all units 
of the cluster share a common IP address and MAC 
{media access control) address, and therefore receive 
alt traffic in both directions. The units of the cluster have 

20 filter functions at their inputs and outputs, which accord- 
ing to certain rules allow the processing of a packet by 
only one of the gateways, while the others ignore the 
packet. The rules are constructed in such a way that the 
same gateway processes the packets in both directions 

25 of a single connection, which allows normal firewall op- 
eration. The benefit of this solution is transparency and 
scalability. New servers or gateways can be added to 
the cluster without changing routing, i.e. unnoticed by 
the clients 

30 [0007] However, even the second basic method has 
its drawbacks. Connecting multiple servers or gateways 
sharing a common MAC address to a switch requires 
usually usage of a multicast MAC address for the clus- 
ter, i.e. a hardware layer address which is recognized 
and processed by the network interface of every unit of 
the cluster. The network interfaces of the gateways al- 
ways have individual MAC addresses as well, but in this 
solution, the interfaces are arranged to recognize the 
multicast MAC address selected for the cluster. The IP 
address of the server or gateway cluster is mapped to 
a multicast MAC address in the A RP (Address Resolu- 
tion Protocol) tables of the nodes of the IP network. 
When a client wishes to send a data packet to the clus- 
ter, it addresses the packet to the IP address of the clus- 
ter. The network translates the IP address to a MAC ad- 
dress for transportation on the physical layer, and in this 
case the MAC address is a multicast address. The prob- 
lem with multicast MAC addresses is that switches typ- 
ically flood packets having a multicast address as des- 
tination to all ports of the switch by default, wherefore 
the packet ends up in all other subnetworks connected 
to other ports of the switch. This effect causes an un- 
necessary loading of other subnetworks connected to 
other ports of the switch than the. gateways/servers of 
the cluster. This is a severe problem, if the LAN is divid- 
ed into virtual LAN networks (VLAN). 
[0008] Virtual LANs (VLAN) can be created using 
switches to segment networks. A single segment is a 
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broadcast domain, i.e. broadcast, multicast and un- 
known unicastframes are sent to all stations in the seg- 
ment Port-based virtual LAN networks are groups of 
switch ports and at^ched segments (subnetworks) 
which belong to the VLAN. 

SUMMARY OF THE INVENTION 

[0009] An object of the invention is to realize a method 
for transmission of data in an IP packet network, which 
avoids the problems of the prior art. 
[0010] The objects are reached by using the IGMP 
protocol to inform the switch, which of its ports are con- ' 
nected to units of a cluster system, and forwarding those , 
packets with the unicast IP address of the cluster system 
and the multicast MAC address of the cluster system 
only to those ports. 

[001 1] The method according to the invention is char- 
acterized by that, which is specified in the characterizing 
part of the independent method claim. The cluster sys- 
tem according to the invention is characterized by that, 
which is specified in the characterizing part of the inde- 
pendent claim directed to a cluster system. The depend- 
ent claims describe further advantageous embodiments 
of the invention. 

[001 2] The invention is applicable to gateway clusters 
as well as server clusters. In the following, the single 
unit of cluster i.e. a gateway or a server is denoted a 
cluster unit. 

[001 3] According to the invention, the cluster units are 
configured to be members of an IP multicast group spe- 
cific to the cluster. The switch or switches directly con- 
nected to the cluster units are arranged to monitor mul- 
ticasi group membership reports from the cluster units, 
and therefore obtain knowledge about which ports of the 
switch or switches are connected to duster units. Ad- 
vantageously, the switch or switches may also send 
membership queries to find out, which ports are con- 
nected to members of the-cluster multicast group. Con- 
sequently, when the switch receives a packet with a mu I- 
ticast MAC address and the unicast IP address of the 
cluster, the switch sends the packet to only those ports 
to whict) cluster units are connected, and not to all ports 
of the switch as according to the prior art. In the local 
area network, the unicast IP address of the cluster is 
mapped to a multicast MAC address in the routing tables 
in the network. Therefore, when any client sends a pack- 
et to the cluster, the switch will receive the packet with 
a multicast MAC destination address. 
[0014] For obtaining this functionality, the switch is ar- 
ranged to recognize the unicast IP address of the cluster 
and the multicast group address configured for the clus- 
ter, and to store into its memory information about which 
ports are connected to such network nodes, which send 
group membership reports for the multicast group ad- 
dress configured for the cluster. 
[0015] According to the IGMP protocol (Internet 
Group Management Protocol), network nodes send a 



group membership report when they join a multicast 
group to announce their presence to multicast routers. 
The report is sent with an IP destination address equal 
to the host group address being reported, so that the 

5 multicast router <:an recognize which multicast groups 
have members in its domain. A multicast router sends 
an IGMP query at regular intervals to see if any nodes 
belong to any multicast groups. Network nodes send a 
, group membership report, when they receive a group 

10 membership query from the router. Aocording to the in- 
vention, this mechanism is used to inform the switch 
about which ports are connected to cluster units. The 
IGMP protocol version 1 is defined in the IETF standard 
document RFC 1112, and IGMP version 2 is defined in 

15 the IETF proposed standard document RFC 2236. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0016] The invention is described in more detail in the 
20 following with reference to the accompanying drawings, 
of which 

Figure 1 illustrates a gateway cluster arrangement 
according to prior art, 
25 . ' 

Figure 2 illustrates a servercluster arrangement ac- 
cording to prior art, 

Figure 3 illustrates a method according to an advan- 
ce tageous embodiment of the invention, 

Figure 4 illustrates another method according to an 
. advantageous embodiment of the invention, and 

35 Figure 5 illustrates a cluster system according to an 
advantageous embodiment of the invention. 

[0017] Same reference numerals are used for similar 
entities in the figures. 

40 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

A. A FIRST GROUP OF ADVANTAGEOUS 
45 EMBODIMENTS 

[0018] Figure 3 illustrates a method according to an 
advantageous embodiment of the invention. Figure 3 il- 
lustrates a method for transmission of data in an IP 

50 packet network, which network comprises a cluster of 
cluster units and a switching unit having a plurality of 
ports, and in which network the cluster units are con- 
nected to a part of the plurality of ports, and which cluster 
units share a unicast IP address. 

55 [0019] According to the present embodiment, the 
method comprises at least steps, in which 

- the cluster units are configured 100 to be members 
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of an IP multicast group specific to the cluster, 

- the IGMP&rotocol is used to obtain 110 information 
about to which ports of the plurality of ports the clus- 
ter units are connected. 

- the MAC address of a received^ packet is checked 
in step 140. and if said MAC address is found to be 
a multicast MAC address, the IP destination ad- 
dress of said packet iscompared 150 to the unicast 
IP address shared by the cluster units, 

- if the IP destination address of said packet is the 
same as the unicast IP address, the packet is for- 
warded 1 60 to those ports, to which the cluster units 
were found to be connected, and if it is not, the pack- 
et is sent to all ports of the switch. 

[0020] Figure 4 illustrates as an example how the step 
110 of obtaining information is performed according ac- 
cording to an advantageous embodiment of the inven- 
tion. According to this embodiment , the method further 
comprises at least steps, in which the switching unit re- 
ceives 114 an IGMP group membership report, the 
switching unit checks 1 1 6, if said report is addressed to 
said IP multicast group specific to the cluster, and if it is, 
the switching unit stores 1 1 8 into its memory the identi- 
fier of the port, through which said report arrived. 
[0021 ] Advantageously, the method may as well com- 
prise a step, in which an IGMP group membership query 
is sent 1 1 2 by the switching unit. 
[0022] In the inventive method, the IGMP protocol 
version 1 according to RFC 1112 can be used, as well 
as the IGMP protocol version 2 according to RFC 2236. 

B. A SECOND GROUP OF ADVANTAGEOUS 
EMBODIMENTS 

[0023] Figure 5 illustrates a cluster system according 
to an advantageous embodiment of the invention. Fig- 
ure 5 shows client computers 10 connected to a switch 
200. The client computers 10, the switch 200. and form 
a local area network (LAN). The LAN is connected to an 
external network 50 through a gateway cluster consist- 
ing in this example of five gateways 30. The gateways 
30 may for example function as firewall devices. The 
gateways 30 are connected to the external network 50 
through a switch 200 and a router 40. The client com- 
puters are in figure 5 divided into three subnetworks A, 
B, and C. According to ihe embodiment shown in figure 
5, the cluster system has a plurality of cluster units 30 
and a switching unit 200, and said cluster units are as- 
sociated with the same IP unicast address. According 
to the embodiment, the cluster units are configured to 
be members of an IP multicast group specific to the clus- 
ter system, and the cluster system comprises 

means 240 for observing using the M3MP protocol 
which ports of the switching unit are connected to 
the cluster units. 

- means 210 in the switching unit for observing the 



MAC destination address of a packet arriving to the* 
switching unit and for checking if said MAC desti- 
nation address is a MAC multicast address, 

- means 220 in the switching unit for observing the 
5 IP destination address of said packet and for com- 
paring said IP destination address to said IP unicast 
address associated with the cluster units, 

- means 230 in the switching unit for forwarding of 
the packet to those ports whose identifiers were 

io previously stored to said memory means as a re- 
sponse to the finding that said IP destination ad- 
dress and said IP unicast address are the same and 
said MAC destination address is a MAC multicast 
address. 

15 

[0024] In a further advantageous embodiment of the 
invention, said means 240 for observing using the IGMP 
protocol comprise at least 

20 - means 242 in the switching unit for observing IGMP 
multicast group reports and for checking, if a re- 
ceived IGMP multicast group report is addressed to 
said IP multicast group specific to the cluster sys- 
tem, and 

25 - means 244 in the switching unit for storing into a 
memory means an identifier of that port via which 
said received IGMP multicast group report arrived 
as a response to finding that said report was ad- 
dressed to said IP multicast group. 

30 

[0025] In a still further advantageous embodiment of 
the invention, the system further comprises means 260 
in the switching unit for sending IGMP group member- 
ship queries. 

35 [0026] In an advantageous embodiment of the inven- 
tion, said means210, 220 ,230, 240,242, 244, 250. and 
260 are realized using software programs stored in a 
memory element 270 of the switching unit 200 and ex- 
ecuted by a processor 280 of the switching unit 200. 
4 o [0027] In another advantageous embodiment of the 
invention, said means 210, 220 ,230, 240, 242, 244, 
250, and 260 are realized using dedicated logic circuits 
implemented for example using an ASIC circuit (appli- 
cation specific integrated circuit). Such an implementa- 
45 tion of the invention allows the functioning of the switch- 
ing unit at extremely high speeds. 
[0028] In an advantageous embodiment of the inven- 
tion, the cluster units 30 are gateway units 30. 
[0029] In a further advantageous embodiment of the 
so invention, the cluster units are server units. 

C. FURTHER CONSIDERATIONS 

[0030] The invention has several advantages. For ex- 
55 ample, the invention enables connecting gateway clus- 
ters to switches, which allows the construction of high- 
speed networks using port-based virtual local area net- 
works. 
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[0031] The invention is applicable with IPv4 as well as 
IPv6 networks. The IP protocol version 4 is described in 
detail in thespecification RFC 791 . The next version of 
the IP protocol, known ps IPv6, is described in the spec- 
ification RFC 1883. 

[0032] In view of the foregoing description it will be 
evident to a person skilled in the art that various modi- 
fications may be made within the scope of the invention. 
While a preferred embodiment of the invention has been 
described in detail, it should be apparent that many 
modifications and variations thereto are possible, all of 
which fall within the true spirit and scope of the inven- 
tion. 



Claims 

1 . Method for transmission of data in an IP packet net- 
work comprising a cluster of cluster units, a switch- 
ing unit having a plurality of ports, the cluster units 
being connected to a part of the plurality of ports, 
which cluster units share a unicast IP address, 
characterized in that the method comprises at 
least steps, in which 

the cluster units are configured to be members 
of an IP multicast group specific to the cluster, 
the IGMP protocol is used to obtain information 
about to which ports of the plurality of ports the 
cluster units are connected, 
the MAC address of a received IP packet is 
checked, and if said MAC address is a multicast 
MAC address, the IP destination address of 
said packet is compared to the unicast IP ad- 
dress shared by the cluster units, 
if the IP destination address of said packet is 
the same as the unicast IP address, thepacket 
is forwarded to those ports, to which the cluster 
units were found to be connected. 

2. The method of claim 1 , characterized in that 
it further comprises at least steps, in which 

the switching unit receives an IGMP group 
membership report, 

the switching unit checks, if said report is ad- 
dressed to said IP multicast group specific to 
the cluster, 

and if it is, the switching unit-stores into its mem- 
ory the identifier of the port, through which said 
report arrived. 

3. The method of claim 1 , characterized in that 

it comprises a step, in which an IGMP group mem- 
bership query is sent by the switching unit. 

4. The method of claim 1 , characterized in that 

the IGMP protocol is protocol version 1 according 



to RFC 1112. 

5. The method of claim 1 . characterized in that 

the IGMP protocol is protocol version 2 according 
5 to RFC 2236. 

6. Cluster system having aplurality of cluster units and 
a switching unit, said cluster units being associated 

, with the same IP unicast address, 
10 characterized in that 

- , the cluster units are configured to be members 
of an IP multicast group specific to the cluster 
system, 

15 

and in that, that the system comprises 

means for observing using the IGMP protocol 
which ports of the switching unit areconnected 

20 to the cluster units, 

means in the switching unit for observing the 
MAC destination address of a packet arriving 
to the switching unit and for checking if said 
MAC destination address is a MAC multicast 

25 address, 

means in the switching unit for observing the IP 
destination address of said packet and for com- 
paring said IP destination address to said IP 
unicast address associated with the cluster 

30 units, 

means in the switching unit for forwarding of the 
packet to those ports whose identifiers were 
previously stored to said memory means as a 
response to the finding that said IP destination 

35 address and said IP unicast address are the 

same and said MAC destination address is a 
MAC multicast address. 

7. The system according to claim 6. characterized in 
40 that 

said means for observing using the IGMP protocol 
comprise at least 

means in the switching unii for observing IGMP 
45 multicast group reports and for checking, if a 

received IGMP multicast group report is ad- 
dressed to said IP multicast group specific to 
the cluster system, and 
means in the switching unit for storing into a 
so memory means an identifier of that port via 

which said received IGMP multicast group re- 
port arrived as a response to finding that said 
report was addressed to said IP multicast 
group. 

55 

8. The system according to claim 6, characterized in 
that 

it further comprises means in the switching unit for 
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sending IGMP group membership queries. 

h 

9. The system according to claim 6. characterized in 
that 

the duster units are gateway units. s 

10. The system according to claim 6, characterized in 
that 

theoluster units are server units. 

10 



15 



20 



25 



30 



35 



40 



45 



50 



tNSDOCLD: <EP_ 1 093249 A2J_> 



EP 1 093 249 A2 




Fig. 1 

PRIOR ART 



EP 1 093 249 A2 



60 60 60 60 60 

^3 X/N Q ^13 3 3 



30 



1 V 



10 



10 



30 



30 



20 



30 



30 



IE 



10 

A V 



10 



V - 



10 



B 



'VI 



10 



10 



Fig. 2 

PRIOR ART 



8 



EP 1 093 249 A2 



Q START ^ 



CONFIGURATION OF 
CLUSTER UNITS 



100 



OBTAINING INFORMATION 




SENDING OF PACKET 
TO CLUSTER PORTS 



NO 

i 


170 

r /v/ 


SENDING OF PACKET 
TO ALL PORTS 



J 



Fig. 3 



9 



CP 1093 249 A2 



FROM STEP 100 



1 



SENDING OF AN IGMP L/ 1 2 
QUERY 1 




TO STEP 120 



Fig. 4 



10 



EP 1 093 249 A2 




O 230 [^3^260 
I k r250 I k ^270 



J 



I 



v 



B 



10 



V\ _ 



V 



10 



10 



Fig. 5 



11 



BNSDOCID: <EP 1 0932*9 A2_l_> 



1 



(19) 




Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 




(12) 



(id EP 1 093 249 A3 

EUROPEAN PATENT APPLICATION 



488) Date of publication A3: 

12.02.2003 Bulletin 2003/07 

(43) Date of publication A2: 

18.04.2001 Bulletin 2001/1 P 

(21) Application number 00660182.7 

(22) Date of filing: 09.10.2000 



(51) mtci7: H04L12/18, H04L 12/46, 
H04L 29/06 



(84) Designated Contracting States: 


(72) Inventor: Artes, Jari 


AT BECH CY OE DK ES Ft FR GB GR IE IT LI LU 


00160 Helsinki (Fl) 


MCNL PT SE 


(74) Representative: Akras, Tapio 


Designated Extension States: 


AL LT LV MK RO SI 


Kolster Oy Ab, 




Iso Roobertinkatu 23 


(30) Priority: 11.10.1999 Fl 992188 


00120 Helsinki (Fl) 


(71 ) Applicant: Stonesoft Corporation 




00210 Helsinki (Fl) 





(54) A method for multicast transmission 



CO 
< 

OJ 

CO 

o> 
o 



(57) The invention relates to methods for transmis- 
sion of data, more particularly for transmission of data 
in clustered structures in IP networks. According to the 
invention, the cluster units are configured to be mem- 
bers of an IP multicast group specific to the cluster. The 
switch orswitches directly-connected to the cluster units 
are arranged to monitor multicast group membership re- 
ports from the cluster units, and therefore obtain knowl- 
edge about which ports of the switch or switches are 
connected to cluster units. Advantageously, the switch 
or switches may also send membership queries to find 
out, which ports are connected to members of the dus- 
ter multicast group. Consequently, when the switch re- 
ceives a packet with a multicast MAC address and the 
IP address of the cluster, the switch sends the packet to 
only those pons to which cluster units are connected, 
and no! lo al! ports of the switch as according to the prior 
art. 
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